Medtronic is looking to solve issues related to auditing regulated medical device software, product cybersecurity, and risk management to ensure compliance with internal and external regulatory agencies.
Requirements
- Must have experience, subject matter expertise (SME), and technical knowledge working with regulated medical device software and product cybersecurity requirements.
- Possess understanding of Software Bill of Material (SBOM) development and maintenance for the purposes of vulnerability monitoring.
- Possess an understanding of non-probabilistic scoring methodologies for security threats like common vulnerability scoring system (CVSS) and apply appropriately.
- Experience with regulated medical device software requirements: IEC 62304:2006 + AMD1:2015, IEC 82304-1:2016, United States FDA Device Software Functions related Guidance’s, United States FDA Interoperability related Guidance’s, United States FDA AI-Enabled Device Software Function Guidance, European Commission’s Guidance’s on Medical Device Software (MDCG 2019-11, MDCG 2023-4, MDCG 2025-4), IMDRF’s Software as a Medical Device (SaMD) Guidance’s, ISO 14971:2019, EU AI Act
- Experience with regulated product cybersecurity requirements: IEC 81001-5-1:2021, SW96:2023 – Standard for Medical Device Security – Security Risk Management for Device Manufacturers, United States FDA Pre-Market and Post-Market Product Cybersecurity Guidance’s, European Commission’s Guidance on Cybersecurity of Medical Devices (MDCG 2019-16), IMDRF’s Principles and Practices for Medical Device Cybersecurity Guidance’s, ENISA – EU Cybersecurity Act, ISO 80001-2 series and ISO 14971
- Security Certifications (i.e., CISSP, CEH, CISA, CISM, Security+, GSEC, OSCP, etc.)
- Firsthand experience assessing medical device software and product cybersecurity of regulated or safety critical devices.
Responsibilities
- Remain informed on Regulatory requirements for Software and Product Cybersecurity to identify gaps in medical device software.
- Manage and oversee internal audit activities, which may include conducting and/or overseeing audits, investigations, and/or interviews; and preparing corresponding reports and documents.
- Coordinate and/or complete internal assessments and/or audits in accordance with regulatory standards, which may include US and/or international regulatory agencies/authorities.
- Interpret and implement applicable regulations as they apply to products, processes, practices, and procedures.
- Analyze audit data and present findings to management and/or regulatory bodies in support of Corrective Action Plans, which may include coaching business partners on compliance gaps, data, and/or resulting corrective actions.
- Own development of training and awareness programs for Software as a Medical Device (SaMD), Software in a Medical Device (SiMD), and product cybersecurity designed to increase auditor awareness and knowledge of requirements.
- Provide detailed functional medical device software and product security knowledge and maintain insight into current industry best practices and how they can be applied to Medtronic.
Other
- Act boldly. Compete to win. Move with speed and decisiveness. Foster belonging. Deliver results…the right way. That’s the Medtronic Mindset — our cultural norms.
- We recognize your extraordinary potential to ensure future generations live better, healthier lives.
- We look for leaders who have a clear vision of where we are going and how to get there, bold inclusive thinkers who create new ideas and bring our best solutions forward to benefit our patients, business partners, and customers.
- May counsel stakeholders about these requirements as necessary.
- Expected travel: 20-25%
